Date: Tue, 21 Sep 2010 16:02:47 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: Minor security flaw with pam_xauth


----- "Solar Designer" <solar@...nwall.com> wrote:

> > Let's use CVE-2010-3430 for the missing setfsgid.
> 
> ...and the missing setgroups().
> 
> > Use CVE-2010-3431 for the missing return checks on setfsuid.
> 
> OK.  BTW, I think this is not exploitable on current kernels, at least
> not via RLIMIT_NPROC (it does not apply to fsuid), yet it is desirable to
> check the return value from such syscalls.
> 
> What about the completely missing privilege switching in pre-1.1.2 (the
> bug found by Sebastian)?  I don't recall if it already had a CVE id
> assigned or not.
> 

Ugh, this has gone south on me.

Since you have the best understanding of these, can you break them down
with reasonable explanations and I'll assign IDs to whatever still needs
them?

Thanks.

-- 
    JB
